On Sat, Oct 04, 2003 at 11:00:54PM -0700, Jonathan Gardner wrote:
> 4) Finally, I created a key in /etc/cipe/options.cipcb0 on both
> machines. It reads:
> key [md5sum]
> where md5sum is the result of running:
> $ ps -aux | md5sum
> (note that I only included the 128 digit hexadecimal number - not the '-'
> part.)
Argh! I filed a bug about this way of generating keys in
redhat-config-securitylevel, obviously the source was CIPE docs :-)
Please recommend something like:
[root@connecting root]# dd if=/dev/random bs=1 count=16 | xxd -ps
16+0 records in
16+0 records out
9a1639e5fd8674eed2b6ab31aa62fcc1
so you don't have to worry about the amount of entropy ps aux
has. I would argue that it's less than 128 bits, especially
if you generate the key on a fresh system just after rebooting.
Too risky when talking about crypto keys in any case :-)
--
Pekka Pietikainen
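
The recommendation above as reusable POSIX shell functions (an added example, not part of the original message or of CIPE). The function names and the RNG_SOURCE variable are hypothetical; it reads /dev/urandom by default rather than the /dev/random used in the post, and hex-encodes with od instead of xxd.

```shell
#!/bin/sh
# Added example: generate a 128-bit key from the kernel RNG and install it
# as the "key" line of a CIPE options file. Names here are hypothetical.

# Assumption: /dev/urandom by default; set RNG_SOURCE=/dev/random to match the post.
RNG_SOURCE="${RNG_SOURCE:-/dev/urandom}"

# Print 16 random bytes as 32 lowercase hex digits.
gen_cipe_key() {
    key=$(dd if="$RNG_SOURCE" bs=1 count=16 2>/dev/null |
          od -An -v -tx1 | tr -d ' \n')
    # Refuse a short read rather than emit a weaker key.
    [ "${#key}" -eq 32 ] || return 1
    printf '%s\n' "$key"
}

# Succeed only if the argument is exactly 32 hex digits
# (rejects md5sum output pasted with its trailing "  -").
is_valid_key() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Replace (or add) the "key" line in an options file, keeping every other
# line, and leave the file readable by its owner only.
install_key() {
    file=$1
    newkey=$2
    is_valid_key "$newkey" || return 1
    old_umask=$(umask)
    umask 077                      # temp file is never group/world readable
    tmp="$file.tmp.$$"
    {
        if [ -f "$file" ]; then
            # grep exits 1 when nothing but the key line existed; that is fine.
            grep -v '^key[[:space:]]' "$file" || true
        fi
        printf 'key %s\n' "$newkey"
    } > "$tmp"
    mv "$tmp" "$file"
    chmod 600 "$file"
    umask "$old_umask"
}
```

The same key has to be installed on both machines, so generate it once and copy it over a channel you already trust.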